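// SPDX-License-Identifier: CDDL-1.0
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or https://opensource.org/licenses/CDDL-1.0.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#include <sys/zfs_context.h>
#include <modes/modes.h>
#include <sys/crypto/common.h>
#include <sys/crypto/impl.h>

/*
 * Initialize by setting iov_or_mp to point to the current iovec or mp,
 * and by setting current_offset to an offset within the current iovec or mp.
 *
 * CRYPTO_DATA_RAW: only *current_offset is written (copied from cd_offset);
 * *iov_or_mp is left untouched.
 * CRYPTO_DATA_UIO: *current_offset receives the value returned by
 * zfs_uio_index_at_offset() and *iov_or_mp receives the iovec index, stored
 * as an integer inside the pointer (it must never be dereferenced).
 * Any other cd_format leaves both outputs unmodified.
 */
void
crypto_init_ptrs(crypto_data_t *out, void **iov_or_mp, offset_t *current_offset)
{
	switch (out->cd_format) {
	case CRYPTO_DATA_RAW:
		*current_offset = out->cd_offset;
		break;

	case CRYPTO_DATA_UIO: {
		offset_t offset = out->cd_offset;
		uint_t vec_idx;

		offset = zfs_uio_index_at_offset(out->cd_uio, offset,
		    &vec_idx);

		*current_offset = offset;
		/* The index travels in the opaque cursor, not an address. */
		*iov_or_mp = (void *)(uintptr_t)vec_idx;
		break;
	}
	} /* end switch */
}

/*
 * Get pointers for where in the output to copy a block of encrypted or
 * decrypted data. The iov_or_mp argument stores a pointer to the current
 * iovec or mp, and offset stores an offset into the current iovec or mp.
 *
 * On return *out_data_1 / *out_data_1_len describe the first (possibly only)
 * destination fragment of the amt-byte block. *out_data_2 is the start of
 * the second fragment when the block spans two iovecs, otherwise NULL.
 * The cursor (*iov_or_mp, *current_offset) is advanced past the block,
 * except on the paths called out below.
 *
 * NOTE(review): this function cannot report failure. Callers are presumably
 * expected to have verified that the output has room for the block before
 * calling; confirm against the call sites.
 */
void
crypto_get_ptrs(crypto_data_t *out, void **iov_or_mp, offset_t *current_offset,
    uint8_t **out_data_1, size_t *out_data_1_len, uint8_t **out_data_2,
    size_t amt)
{
	offset_t offset;

	switch (out->cd_format) {
	case CRYPTO_DATA_RAW: {
		iovec_t *iov = &out->cd_raw;

		offset = *current_offset;
		if ((offset + amt) <= iov->iov_len) {
			/* one block fits */
			*out_data_1 = (uint8_t *)iov->iov_base + offset;
			*out_data_1_len = amt;
			*out_data_2 = NULL;
			*current_offset = offset + amt;
		}
		/*
		 * If the block does not fit, none of the outputs are written
		 * and the cursor is not advanced; the caller's variables keep
		 * whatever values they had before the call.
		 */
		break;
	}

	case CRYPTO_DATA_UIO: {
		zfs_uio_t *uio = out->cd_uio;
		uint_t vec_idx;
		uint64_t iov_len;
		void *iov_base;

		offset = *current_offset;
		/* The cursor holds an iovec index, see crypto_init_ptrs(). */
		vec_idx = (uintptr_t)(*iov_or_mp);
		zfs_uio_iov_at_index(uio, vec_idx, &iov_base, &iov_len);
		*out_data_1 = (uint8_t *)iov_base + offset;

		if (offset + amt <= iov_len) {
			/* can fit one block into this iov */
			*out_data_1_len = amt;
			*out_data_2 = NULL;
			*current_offset = offset + amt;
		} else {
			/* one block spans two iovecs */
			*out_data_1_len = iov_len - offset;
			/*
			 * vec_idx is a 0-based index, so the current iovec is
			 * the last one when vec_idx + 1 reaches the iovec
			 * count. The previous test (vec_idx == count) could
			 * not be true for a valid index, which let the code
			 * below fetch an iovec one past the end of the array
			 * and hand its base to the caller as a write target.
			 * Assumes zfs_uio_iovcnt() returns the number of
			 * iovecs in the uio.
			 *
			 * On this path the cursor is intentionally left
			 * unchanged, as before.
			 */
			if ((uint64_t)vec_idx + 1 >=
			    (uint64_t)zfs_uio_iovcnt(uio)) {
				*out_data_2 = NULL;
				return;
			}
			vec_idx++;
			zfs_uio_iov_at_index(uio, vec_idx, &iov_base, &iov_len);
			*out_data_2 = (uint8_t *)iov_base;
			/* Bytes of the block that land in the second iovec. */
			*current_offset = amt - *out_data_1_len;
		}
		*iov_or_mp = (void *)(uintptr_t)vec_idx;
		break;
	}
	} /* end switch */
}

/*
 * memset() that the compiler may not elide as a dead store: the empty asm
 * statement takes the pointer as an input and declares a memory clobber, so
 * the preceding writes have to be treated as observable.
 * Returns s, like memset().
 */
static void *
explicit_memset(void *s, int c, size_t n)
{
	memset(s, c, n);
	__asm__ __volatile__("" :: "r"(s) : "memory");
	return (s);
}

/*
 * Release a CCM or GCM mode context together with the buffers it owns.
 *
 * ctx must point to a ccm_ctx_t or gcm_ctx_t whose cc_flags has exactly one
 * of CCM_MODE / GCM_MODE set; any other value reaches
 * __builtin_unreachable(), which is undefined behavior.
 * ctx is freed here and must not be used afterwards.
 */
void
crypto_free_mode_ctx(void *ctx)
{
	common_ctx_t *common_ctx = (common_ctx_t *)ctx;

	switch (common_ctx->cc_flags & (CCM_MODE|GCM_MODE)) {
	case CCM_MODE: {
		ccm_ctx_t *ccm_ctx = (ccm_ctx_t *)ctx;

		if (ccm_ctx->ccm_pt_buf != NULL) {
			/*
			 * Scrub before freeing, as gcm_clear_ctx() does for
			 * gcm_pt_buf: ccm_pt_buf is presumably the CCM
			 * counterpart holding buffered plaintext, which
			 * should not survive in freed memory. The length is
			 * the one already used to free the buffer.
			 */
			explicit_memset(ccm_ctx->ccm_pt_buf, 0,
			    ccm_ctx->ccm_data_len);
			vmem_free(ccm_ctx->ccm_pt_buf, ccm_ctx->ccm_data_len);
		}

		kmem_free(ctx, sizeof (ccm_ctx_t));
		break;
	}

	case GCM_MODE:
		/* Zeroes the sensitive fields and frees the owned buffers. */
		gcm_clear_ctx((gcm_ctx_t *)ctx);
		kmem_free(ctx, sizeof (gcm_ctx_t));
		break;

	default:
		__builtin_unreachable();
	}
}

/*
 * Clear sensitive data in the context and free allocated memory.
 *
 * ctx->gcm_remainder may contain a plaintext remainder. ctx->gcm_H and
 * ctx->gcm_Htable contain the hash sub key which protects authentication.
 * ctx->gcm_pt_buf contains the plaintext result of decryption.
 *
 * Although extremely unlikely, ctx->gcm_J0 and ctx->gcm_tmp could be used for
 * a known plaintext attack, they consist of the IV and the first and last
 * counter respectively. If they should be cleared is debatable.
 *
 * The context structure itself is not freed here. The gcm_Htable and
 * gcm_pt_buf pointers are left dangling after their buffers are freed, so
 * the context must not be cleared twice or used again without being set up
 * anew.
 */
void
gcm_clear_ctx(gcm_ctx_t *ctx)
{
	explicit_memset(ctx->gcm_remainder, 0, sizeof (ctx->gcm_remainder));
	explicit_memset(ctx->gcm_H, 0, sizeof (ctx->gcm_H));
#if defined(CAN_USE_GCM_ASM)
	/* The hash key table is only expected when the AVX path is in use. */
	if (ctx->gcm_use_avx == B_TRUE) {
		ASSERT3P(ctx->gcm_Htable, !=, NULL);
		explicit_memset(ctx->gcm_Htable, 0, ctx->gcm_htab_len);
		kmem_free(ctx->gcm_Htable, ctx->gcm_htab_len);
	}
#endif
	if (ctx->gcm_pt_buf != NULL) {
		/* Wipe the buffered plaintext before the memory is reused. */
		explicit_memset(ctx->gcm_pt_buf, 0, ctx->gcm_pt_buf_len);
		vmem_free(ctx->gcm_pt_buf, ctx->gcm_pt_buf_len);
	}
	/* Optional */
	explicit_memset(ctx->gcm_J0, 0, sizeof (ctx->gcm_J0));
	explicit_memset(ctx->gcm_tmp, 0, sizeof (ctx->gcm_tmp));
}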